Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Service Control Policy SCP: AWS Organizations guardrails that cap the maximum permissions for accounts, enforcing org-wide security boundaries.
Service Control Policy (SCP) Definition: Service Control Policy SCP: AWS Organizations guardrails that cap the maximum permissions for accounts, enforcing org-wide security boundaries.
A Service Control Policy SCP is an AWS Organizations feature that sets the maximum available permissions for accounts in an organization, acting as a guardrail that filters what IAM users and roles can do. SCPs do not grant permissions themselves; they define a permission ceiling, so an action is only allowed when both the SCP and the account's identity-based or resource-based policies permit it. They are commonly used to enforce regional restrictions, block root account usage, and prevent disabling of logging or security services.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →